According to a draft copy of a fintech action plan (19-page / 400KB PDF) currently under development, the Commission said "the case for broad legislative or regulatory action or reform at EU level" on fintech issues is "limited".

However, according to the draft, the Commission will confirm plans to develop new EU laws for investment-based and lending or loan-based crowdfunding platforms in its finalised fintech action plan, due for publication in the spring.

The EU's approach to fintech was identified as a potential risk to the way the UK currently regulates businesses in the sector by UK parliamentary committee. The House of Lords European Union Committee said that while the UK government should pursue an agreement with the EU which provides financial services firms with "mutual market access" post-Brexit, it should resist any attempts by the EU to set new rules affecting innovation in fintech where it would "threaten the UK’s flexible and adaptive approach".

According to the leaked draft action plan, a number of initiatives will be recommended by the Commission to help enable more financial services firms to take advantage of cloud-based solutions.

The Commission is set to call on EU financial regulators to "explore the costs and benefits of guidelines on outsourcing to cloud service providers" by the first quarter of 2019, and invite organisations with an interest in the cloud market to work together to "develop standard contractual clauses for cloud outsourcing by financial institutions", through a new Financial Working Group. Those clauses could address issues such as "audit requirements, reporting requirements or the determination of materiality of activities to be outsourced", according to the leaked paper.

New self-regulatory industry codes of conduct could also be developed to "address easier porting of data between cloud service providers", it said.

The Commission is also set to assess how existing EU regulations apply to 'initial coin offerings' (ICOs), and carry out a further review of "the fitness” of EU financial services regulation for "use of disruptive technologies such as distributed ledger technologies and artificial intelligence" before the summer of next year.

Anther initiative set to be confirmed in the new EU fintech action plan is a step to encourage industry to develop, by the middle of 2019, "standardised PSD2 and GDPR compliant Application Programming Interfaces" to support a "European Open Banking eco-system covering payment and other accounts”.

The Commission is also set to commit to developing a "comprehensive strategy on distributed ledger technology and blockchain" and to addressing barriers to the sharing of information on cyber threats.

New EU guidelines on ICT risk management and mitigation requirements for financial firms are also potentially in the pipeline, along with a new "cyber threat testing framework for significant market participants and infrastructures" in Europe.

Angus McFadyen, an expert in financial services and technology law at Pinsent Masons, the law firm behind Out-Law.com, said: "The increased move to digital channels means heightened cyber risks, which regulators are alive to, but also an increasing convergence of products – it is not clear how regulators are going to manage that changing dynamic."

"There’s also a big open question on whether European regulators are going to continue what was started by PSD2, with the recognition of overlay services and third party providers, by extending similar regimes across other areas of financial services," he said.

The Commission set out a new consumer financial services action plan last year which set out plans to support digital identification (ID) in banking and also address issues concerning disclosures in a digital context.